Wednesday, July 27, 2016

Just when you thought Donald Trump couldn't possibly get any more outrageous, he comes up with this:

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press,” Trump said during a news conference at his South Florida resort on Wednesday.

“They probably have them. I’d like to have them released. It gives me no pause, if they have them, they have them,” Trump added later when asked if his comments were inappropriate. “If Russia or China or any other country has those emails, I mean, to be honest with you, I’d love to see them.”

Think about that for a moment. Here is a major party candidate for President of the United States urging a foreign government to violate U.S. law in order to damage a political opponent.

I have long since run out of superlatives to describe Trump, but if this isn't crossing the line I don't know what is. Trump has previously observed that he could probably "shoot somebody and ... not lose any votes." Do we really have to see blood in the streets before we wake up? Donald Trump is a clear and present danger to American democracy. With his finger on the nuclear button, his totally un-nuanced vindictiveness would be a clear and present danger to civilization. He must not be allowed to win this election.

Republicans, I'm looking at you. If Trump wins, you won't be able to tell your grandchildren that you didn't know how bad he was or how far he would go. Trump doesn't even try to dissemble. He wears his ignorance, his bigotry, and now his contempt for the rule of law on his sleeve with pride. He thinks they're features! For the love of all that is holy, don't vote for him in November. The status quo, bad as it is, is still better than what Trump is selling.

Sunday, July 03, 2016

A couple of weeks back I wrote about how someone put an iCloud lock on a MacBook Air that I'd owned for over three years. I was about ready to write the machine off and sell it for parts, but I couldn't do that until I had wiped the internal SSD because it contained personal information that I didn't want to fall into the wrong hands. To do that, I needed some special tools so I could open the machine up, and an adapter so I could connect the SSD to a USB port once I'd gotten it out. While I was waiting for those to arrive, I decided to take another whack at brute-forcing the EFI PIN using this handy-dandy utility. It was a time-consuming process, made all the more time-consuming by the fact that the Teensy3 that it runs on doesn't have any way to display which PIN code it is currently trying, so even after the machine was unlocked I still didn't know what the PIN code was. I toyed with the idea of pointing a camera at the screen to keep track of when the unlock happened, but in the end I ended up just running the brute-force multiple times and doing a binary search to find the code.

Once I had the PIN, I was able to remove the EFI firmware lock, but I was still not able to boot from the original SSD. Apparently, some of the things that Apple told me during the original debugging process were false (imagine that!). As far as I can tell, there are two locks that you can put on a machine: an iCloud lock, and an EFI firmware lock, and my machine had both. I was able to brute-force the EFI lock, but unfortunately my previous unsuccessful efforts to brute-force the iCloud lock had uncovered what seems to be a bug in the iCloud lock code: after a few dozen unsuccessful guesses at the iCloud PIN, the machine starts to disable itself for progressively longer periods of time before it will accept further guesses. In my case, that period of time was (according to the information displayed on the screen) an hour. But when I waited an hour, it simply re-cycled to the same screen, and still would not accept any further PIN attempts. So I ended up wiping the hard drive and doing a clean re-install of Mavericks. And this time, I bound the machine to my iCloud account and verified that I could lock it. I could.

There was still one potential snag: it was possible that a machine could be bound to more than one iCloud account at once. After all, if removing an iCloud binding really was as simple as logging in to a different iCloud account and turning on find-my-mac, that would make the lock feature completely useless against all but the most naive of thieves. So I did the experiment: I created a second iCloud account for myself and tried to log in to it. I could do that, but when I tried to turn on the find-my-mac feature from that account, I got this:

And that is the smoking gun. At least on Mavericks, find-my-mac is trivial to disable and hence completely useless. The only reason that someone else was able to lock my Mac was because I didn't know that this feature existed, because I never use iCloud. Find-my-mac is not a theft deterrent at all; it is a way for Apple to coerce people into using iCloud by allowing denial-of-service attacks to be launched against people who opt out.

There is one additional wrinkle: shortly before my machine was locked (like a week or two) I upgraded it to Yosemite. Back when I was still dealing with Apple tech support they told me that there was no possible way that this had anything to do with the lock being placed, but I'm not sure I believe this. The timing was just too close, and removing the lock from Mavericks just too easy, for this to have been coincidence. I am pretty confident that Apple battened down the hatches somehow, but in order to figure that out I would have to re-upgrade the machine to Yosemite so I can noodle around with it, and I won't be making that mistake again.

But if there's anyone out there with a Yosemite machine who feels like doing this experiment (make two iCloud accounts and see what happens when you try to find-my-mac with both of them at the same time) please do let me know what happens.

Friday, July 01, 2016

When I first saw this story I thought I was being punked, because it's not April 1 and it's not The Onion:

Producers of bottled water are now forbidden by law from making the claim [that water can prevent dehydration] and will face a two-year jail sentence if they defy the edict, which comes into force in the UK next month.

Last night, critics claimed the EU was at odds with both science and common sense. Conservative MEP Roger Helmer said: “This is stupidity writ large.”

Suddenly I have a lot more sympathy for the pro-Brexit vote.

To be clear, it's not like the EU ministers got together and made a rule specifically forbidding this statement. Instead what happened was that two German professors decided to test the limits of EU rulemaking by submitting an application to place the claim that water prevents dehydration on the labels of bottles of water. The request was denied.

I'm not sure which is the more staggering stupidity: that the EU denied the application to make the almost tautological claim that water prevents dehydration, or that people in Western civilization, where perfectly drinkable water comes out of the taps for free, spend money on bottled water to begin with.